Privacy

Effective Date:  October 14, 2024

If you are a visitor to the website or a data subject in receipt of our Services from the EEA, Switzerland and/or the UK, the following privacy policy applies to you: English, En Francais.

If you are a Japanese resident visiting our website or in receipt of our services, the following additional privacy policy contains further important information that also applies to you: 個人情報保護宣言 .

If you are a California resident visiting our website or in receipt of our Services the following supplemental privacy provisions apply to you: Privacy Notice for California Residents.

A PDF copy of this Privacy Policy is available for printing here.

PRIVACY POLICY

This Privacy Policy describes the types of information Citadel Enterprise Americas LLC, Citadel Securities Americas LLC, Citadel Americas LLC, and their affiliates (“Citadel”) collect from you when you visit or access www.citadel.com or www.citadelsecurities.com, any other of our websites where this policy is posted, or our iOS and Android apps (collectively the “Platforms”) or otherwise interact with us online. It applies to every person who visits, accesses, or registers with the Platforms, applies for a job with us, receives newsletters or other marketing communications issued by or on behalf of Citadel, or engages with us to use the services that Citadel provides (collectively the “Services”) except as otherwise contractually agreed.

This Privacy Policy also explains how Citadel may use and disclose your information and how you may control certain uses of your personal data.  This Privacy Policy is in addition to any separate annual privacy policy or notice that Citadel may send individuals who participate certain Services that Citadel offers.

Please note that the data controller (or similar term under local law) is generally the Citadel entity you contract with in relation to our Services or the Citadel entity to which you apply for a job.  However, Citadel is an international business, and your personal data may be processed by other Citadel group companies or companies managed by Citadel on a joint data controller basis, where permitted by applicable law.  “Personal data” and “information” are used interchangeably throughout this Privacy Policy and each refer to information about identifiable natural people.

INFORMATION COLLECTION

Information Collected About Clients and Visitors to Our Platforms

We collect information from you when you choose to share it with us, when you visit or access our Platforms, request information from us, or contact us.

The information we collect from you may include:

• Contact information, including your name, address, email address, or phone number;
• Employer-related information, such as your title and the company’s name, address, and phone number;
• Citadel account number;
• Profile data, such as your account username and password for our Platforms;
• Location information (IP address, IP address locations, information about your location);
• Platforms activity (how you use our Platforms, pages viewed, time of service, date of service, duration of service, time since last visit, links clicked, information about pages viewed on our Platforms);
• Off-Platforms activity (referring website addresses, information about the site or app you came from);
• Information about your device (device type, internet connection type, linking multiple devices to the same user) and browser (like type and language); and
• Marketing and communications data, such as marketing or communication preferences.

Information Collected about Participants in One of Our Programs

We may collect information that you provide to us directly, that we receive from third parties, or that we collect automatically as you access any of our Platforms in connection with your participation in one of our programs.  In addition to the types of information that may be collected about visitors to our Platforms, we may collect information you provide during the on-boarding process, including information provided on your tax forms, authorization agreement for direct deposits, personal data collection form, and supplemental disclosures.

Information Collected about Prospective Employees and Job Applicants

We may collect the following information about you that you either provide to us directly, that we receive from third parties, or that we collect automatically as you access any of our Platforms.  In addition to the types of information that may be collected about visitors to our Platforms, we may collect:

• Career demographics (job title, role, profession, education, industry, years of experience, skills);
• Career interests (career topics and areas of interest, expected date of graduation for current students, majors, locations interested in working, interests in upcoming events);
• Information you provided in-person (e.g., at events attended);
• Topics you have expressed interest in;
• Email activity (emails opened, email program used, clicks in email);
• Profile information from social media sites;
• Information you submit to us (e.g., submitted images, photos, videos; other items you submit; details about your requests made to us); and
• Job(s) applied for or interested in (including the job opening’s education and experience description).

Information Collected from Third Parties or Other Sources

We may obtain personal or other information about you from third parties or other sources and combine this information with the information we collect from you.  This might include any other information obtained through companies that have business relationships with us, such as our licensees, affiliates, and business partners.

We may also obtain information about you from other online sources, including when you connect with Citadel through its official corporate pages on third-party social networks (such as LinkedIn or Facebook) or other apps.  This information may include your name, user name, demographic information, updated address or contact information, interests, and publicly-observed data.  We may combine this information with the information we collect from you through the Platforms.

For prospective employees and job applicants, in addition, we may obtain information about you from third parties, including without limitation, recruitment agencies, background check providers, credit reference agencies, and your references, where required or permitted to conduct such checks under applicable law.

Information Automatically Collected through Cookies

We may use cookies, web beacons, pixel tags, JavaScript, or other similar technologies (which we generically refer to as “Cookies”) to collect certain information about visitors to our Platforms and interactions with our emails and online or mobile advertisements, and to allow Citadel to keep track of analytics and statistical information that enables us to improve our Platforms and provide you with more relevant content on our Platforms and marketing channels.

For example, we may collect information about your use of the Platforms, including the Platforms activity and off-Platforms activity described in the Information Collected About Clients and Visitors to Our Platforms section; emails that you open, forward, or click-through to our Platforms; comments and ratings you submit; and website and/or app preferences and settings.

We may also use third-party Cookies to support our Platforms, provide services on our behalf, complete business transactions, or provide relevant advertising to you.  Some of these third parties may use Cookies on our Platforms, which may send them some of the above-referenced information.  The use of this information by those third parties will be governed by their own privacy policies including, for example, Google’s Analytics Privacy Policy or the Salesforce Privacy Policy.

We also may use Cookies to collect information about your online activities over time and across third-party websites, apps, or other online services (behavioral tracking).  If you click on or otherwise interact with an advertisement, we may assume that you meet the target criteria.

Management of Cookies, Tracking Options, and Do Not Track Disclosures

There are various ways that you can manage your Cookie preferences, but please be aware that in order to use some parts of our Platform you will need to allow certain essential or functional Cookies. If you block or subsequently delete those Cookies, some aspects of our Platform may not work properly, and you may not be able to access all or part of our Platform.

For further information about types of Cookies used and to customize your cookie preferences please visit Manage My Preferences.

Additionally, you are free to set your browser or operating system settings to limit certain tracking or to decline Cookies, but by doing so, you may not be able to use certain features on the Platforms.  Refer to your Web browser’s or operating system’s website or “Help” section for more information on how to delete and/or disable your browser or operating system from receiving Cookies and how to control your tracking preferences.

Our system responds to most Do Not Track requests or headers from some or all browsers.  To learn more about the use of Cookies to deliver more relevant advertising and to know your choices about not having this information used by certain service providers, click http://www.aboutads.info/choices/ and https://policies.google.com/technologies.  For more general information on cookie management and blocking or deleting cookies for a wide variety of browsers, visit www.allaboutcookies.org.

On your mobile device, you may also adjust your privacy and advertising settings to control whether you want to receive more relevant advertising.

PURPOSE FOR PERSONAL DATA COLLECTION, USE, AND DISCLOSURE

Citadel may collect, use, and disclose your personal data for any of the following purposes:

• To deliver’s Citadel’s Services to you;
• For your participation in certain of our programs;
• To enhance your online experience, including as a way to recognize you and welcome you to the Platforms;
• To develop new products or Services and to conduct analysis to enhance current products and Services;
• To review the usage and operations of our Platforms and improve our content, products, and Services;
• To recognize your online activities over time and across different websites, apps, and devices;
• With your express opt-in consent where required, to provide you with customized content on our Platforms or via email, telephone, text message, mail, or other marketing channels;
• With your express opt-in consent where required, to contact you with information, newsletters, and promotional materials from Citadel or on behalf of our business partners, licensees, and affiliates;
• With your express opt-in consent where required, to serve ads through third-party services (including social media platforms) that are targeted to reach people on those services who are identified in our databases.  This may be done by matching common factors between our databases and the databases of third-party operators.  For example, we may use LinkedIn Custom Audiences to provide such information on LinkedIn to people whose information and email addresses we already have and who expressed an interest in hearing from us;
• For recruiting, position advertising, talent management, and employment purposes, including assessment, selection, or conclusion of an employment offer, inclusion in our recruitment database for possible future employment opportunities (with your consent where required), and to comply with our legal and regulatory obligations in relation to recruitment;
• To contact you when necessary by email, phone, text message, mail, or in-app direct message;
• To use your data in an aggregated, anonymous, non-specific format for analytical purposes;
• To address problems with the Services or our business;
• To protect the security or integrity of the Platforms and our business, such as by protecting against and preventing fraud, unauthorized transactions, claims, and other liabilities and by managing risk exposure, including by identifying potential malicious or unauthorized users or uses; and
• As otherwise described to you at the point of data collection.

Personal data will only be collected for the purpose outlined above and not further processed in a manner incompatible with those purposes.

Additionally, if you use the Platforms to connect with third-party services you authorize us to use information from you, on your behalf, to interact with these third-party services based on your requests.

For further information about Citadel’s use, retention, and destruction of personal data under EEA, Swiss, and UK data protection laws, see the following privacy policy: English, En Francais.

For similar details about Citadel’s use of personal data under the California Consumer Privacy Act, see the following: Privacy Notice for California Residents.

For similar additional details for Japanese residents, see the following: 個人情報保護宣言.

In all other jurisdictions, personal data will be stored no longer than necessary for the purposes for processing and for which retention is necessary for legal or business purposes.

PERSONAL DATA SHARING

Citadel may disclose the personal data we collect from you with the following categories of third parties and in the following ways:

• With our affiliated companies;
• With our third-party service providers that provide business, professional or technical support functions for us;
• As necessary if we believe that there has been a violation of our Terms of Use or of our rights or the rights of any third party;
• To respond to judicial process or provide information to law enforcement or regulatory agencies or in connection with an investigation on matters related to public safety, as permitted by law, or otherwise as required by law; and
• As otherwise described to you at the point of collection.

Citadel may also share aggregate or anonymous non-personal data with third parties for marketing or analytics uses on behalf of Citadel.

We may share your personal data in connection with a merger, financing, acquisition, dissolution, transaction, bankruptcy, or proceeding involving sale, transfer, or divestiture of all or a portion of our business or assets.  If another entity acquires our business or assets, that entity will have your personal data collected by us and will assume the rights and obligations regarding your information as allowed by this Privacy Policy.

TRANSFERS OF PERSONAL DATA AND ADDITIONAL INFORMATION ON DATA PROCESSING

Due to Citadel’s international operations, personal data may be transferred to other countries when necessary for one of the reasons set forth above or to deliver the Services. Citadel and many third-party service providers that Citadel works with are based in the US and have material operations in multiple countries. Your personal data may be shared with or transferred to other Citadel group companies or third-party service providers in the US or other jurisdictions, including but not limited to those listed in the “Our Companies, Offices, Locations, and Regulators” section below.

When Citadel transfers your personal data, such transfers will be carried out in accordance with local data protection law, including as described below. You can obtain further details about this by contacting us by using the contact details in the “Contact Us” section.

EEA, Switzerland and UK

Personal data for EEA, Swiss, or UK natural persons may be transferred to other countries that may not have equivalent data protection laws, including to the US, for the purposes of sharing the data with non-EEA/Swiss/UK Citadel affiliates and the third parties listed above. In addition, such information may be stored on servers outside the EEA, Switzerland, or the UK. Citadel will only transfer this information outside the EEA, Switzerland, or the UK if it has a lawful basis for such a transfer, and only after implementing appropriate safeguards and any supplementary contractual, organizational, and/or technical measures to seek to ensure an essentially equivalent level of protection of the information to the protection offered by the EU GDPR, the UK GDPR, and the Swiss Federal Act on Data Protection.  For further details see the following privacy policy: English, En Francais.

Australia

If Australian law applies to Citadel’s processing of your information, it is being processed in accordance with this Privacy Policy. In addition, our use of such information may be subject to various privacy laws of Australia, including the Australian Privacy Act 1988 (Cth).

Canada

If Canadian law applies to Citadel’s processing of your information, it is being processed in accordance with this Privacy Policy. In addition, our use of such information may be subject to various privacy laws of Canada, including the Personal Information Protection and Electronic Documents Act 2000.

China

If Chinese law applies to Citadel’s processing of your information, it is being processed in accordance with this Privacy Policy. In addition, our use of such information may be subject to various privacy laws of China including the Personal Information Protection Law 2021.

Hong Kong

If Hong Kong law applies to Citadel’s processing of your information, it is being processed in accordance with this Privacy Policy. In addition, our use of such information may be subject to various privacy laws of Hong Kong, including the Hong Kong Personal Data (Privacy) Ordinance.

India

If Indian law applies to Citadel’s processing of your information, it is being processed in accordance with this Privacy Policy. In addition, our use of such information may be subject to various privacy laws of India, including Article 21 of the constitution, the statutory provisions contained in Sec. 8(j) of the Right to Information Act, 2005, and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

Japan

If Japanese law applies to Citadel’s processing of your information, it is being processed in accordance with this Privacy Policy and 個人情報保護宣言. Our use of such information may be subject to various privacy laws of Japan, including the Act on the Protection of Personal Information (Act No. 57 of 2003 as amended in 2020).

Singapore

If Singaporean law applies to Citadel’s processing of your information, it is being processed in accordance with this Privacy Policy. In addition, our use of such information may be subject to various privacy laws of Singapore, including the Personal Data Protection Act 2012.

Should the jurisdiction of a country not listed above apply to the data processing, we will endeavor to comply with such laws to the extent applicable.

Americas

Companies, Offices, and Locations

Privacy & Data Regulators

USA: Miami Southeast Financial Center, 200 S. Biscayne Boulevard, Miami, FL 33131 Austin San Jacinto Center, 98 San Jacinto Boulevard, 14th Floor, Austin, TX 78701 Boston 28 State Street, 6th Floor, Boston, MA 02109 Chicago 131 South Dearborn Street, Chicago, IL 60603 Dallas 300 Crescent Court, Suite 250, Dallas, TX 75201 Greenwich 33 Benedict Place, 3rd Floor, Greenwich, CT 06830 Houston Bank of America Center, 700 Louisiana St., Suite 4600, Houston, TX 77002 New York 350 Park Avenue, New York, NY 10022 and other locations in New York City San Francisco 4 Embarcadero Center, San Francisco, CA 94111 Santa Monica 1547 9th Street, Santa Monica, CA 90401 Tampa 1001 Water Street, Suite 610, Tampa, FL 33602 Washington D.C. 700K Street NW, Washington, DC 20001   CANADA: Calgary 255 5 Ave. SW, Calgary AB T2P 2V7, Canada Toronto First Canadian Place, 100 King Street West, Suite 4720, PO Box 147, Toronto, Ontario, M5X 1C7

The Federal Trade Commission FTC | How to contact us California Privacy Protection Agency CPPA | How to contact us Office of the Privacy Commissioner of Canada OPC | How to contact us Office of the Information and Privacy Commissioner of Ontario OIPC | How to contact us Office of the Information and Privacy Commissioner of Alberta OIPC | How to contact us

 

Europe

Companies, Offices, and Locations	Privacy & Data Regulators
London 120 London Wall, London EC2Y 5ET, United Kingdom Dublin One Grand Canal Square, 5th Floor, Dublin 2, Dublin, Ireland Paris 40 Rue la Boétie, 1st floor, Paris, France 75008 Zürich Klausstrasse 4 8008 Zürich, Switzerland	The Federal Trade Commission ICO | How to contact us The Data Protection Commission DPC | How to contact us Commission Nationale de l’Informatique et des Libertés CNIL | How to contact us The Federal Data Protection and Information Commissioner FDPIC | How to contact us

 

Asia-Pacific

Companies, Offices, and Locations

Privacy & Data Regulators

Hong Kong 16th Floor, Two International Finance Centre, 8 Finance Street, Hong Kong SAR Tokyo Marunouchi Nijubashi Building, 3-2-2 Marunouchi, Chiyoda-ku, Tokyo 100-0005, Japan Singapore Asia Square Tower 2, #22-01/02, 12 Marina View, Singapore, 018961 Shanghai 15/F Plaza 66, Tower II, Nanjing West Road, Shanghai, China Gurugram Level 4, 04-A108, Two Horizon Centre, Golf Course Road, DLF Phase 5, Sector 43, Gurugram, Haryana 122002, India Sydney Westpac Building, 60 Martin Pl, Sydney NSW 2000, Australia

The Privacy Commissioner PCPD | How to Contact Us Personal Information Protection Commission PPC | How to contact us Personal Data Protection Commission PDPC | Contact Us The Cyberspace Administration of China CAC | How to contact us The Ministry of Electronics and Information Technology MEITY | How to contact us Office of the Australian Information Commissioner OAIC | How to contact us

 

LINKS TO OTHER WEBSITES

The Platforms and email messages from us may contain links to third-party websites, which may have privacy policies that differ from our own.  You should be aware that the collection, retention, and use of any data you provide on these websites will be governed by the privacy policy of the company providing the website and not by this Privacy Policy.  We are not responsible for the practices of such websites.

CHILDREN’S PRIVACY

Protecting children’s privacy is important to us.  We do not direct the Platforms to, nor do we knowingly collect, any personal data from children under the age of eighteen.  If we learn that a child under the age of eighteen has provided personal data to the Platforms, we will use reasonable efforts to remove such information from our files.

DATA SECURITY

We have taken reasonable physical, administrative, and technical steps to safeguard the information we collect from and about our customers and Platforms visitors to prevent unauthorised access, collection, use, disclosure, copying, modification, leakage, loss, damage, and/or alteration of your personal data.

DATA STORAGE

Your personal data may be stored on servers in the United States and be subject to the laws of the United States, where the data protection and other laws may differ from those of other countries, or on servers in other countries when necessary for one of the reasons set forth above or to deliver the Services.  Your personal data may be disclosed in response to inquiries or requests from government authorities or to respond to judicial process in the countries in which we operate.

YOUR OPTIONS AND ACCESS TO YOUR PERSONAL DATA

You may have other rights in your jurisdiction to know whether we process your personal data; to obtain a copy of your personal data; to correct any inaccuracies in the personal data we maintain about you (taking into account the nature of the personal data and the purposes for processing such personal data); to request we delete your personal data; and to opt-out of certain personal data processing  by Citadel.  You may contact your account representative to update your information in our system.  If you have any additional questions concerning access to or updating your personal data, as well as to exercise any other rights you may have in your jurisdiction, please contact us at the information provided in the “Contact Us” section below. You will not face any retaliation or discrimination for exercising your rights.We take reasonable steps to ensure that any personal data we collect, disclose, and use is accurate and complete, especially if your personal data is likely to be used by us to make a decision that affects you or disclosed to a third party. However, it is important that you advise us of any changes to your personal data or if there are any errors in the personal data we hold about you. We will not be responsible for relying on inaccurate or incomplete personal data arising from your not updating us regarding changes in your personal data that you had initially provided us with.

COMPLAINTS

If you believe that we have not complied with this Privacy Policy or you have any grievances in relation to our collection, use, and disclosure of your personal data, you may submit a complaint to us using the information provided in the “Contact Us” section below. Where you consider that our response to your complaint is inadequate, you may escalate your complaint to the Regulator in your respective jurisdiction, whose contact details are provided in the “Our Companies, Offices, Locations, and Regulators” section above.

CONTACT US

We hope this Privacy Policy answers your questions about our collection, use, and disclosure of your personal data.  If you have additional questions about this Privacy Policy or the practices described here, you may contact us at [email protected] or write to us at the following address:

Privacy Officer
Citadel Enterprise Americas LLC
Southeast Financial Center
200 S. Biscayne Blvd
Suite 3300
Miami, FL 33131

NON-EEA, SWISS, AND UK USERS’ ACCEPTANCE OF THIS PRIVACY POLICY

By using the Services, you confirm that you have read, understood, and (if required) agree to this Privacy Policy.  If you do not agree with the terms of this Privacy Policy, please do not use our Services.  Even if you had previously provided your express opt-in consent to receiving marketing communications, you may opt out of marketing communications at any time by contacting Citadel using the information above.

REVISIONS TO THIS PRIVACY POLICY

Citadel reserves the right, at its sole discretion, to change, modify, add, remove, or otherwise revise portions of this Privacy Policy at any time to reflect any changes or proposed changes to our use of your personal data, or to comply with changes in applicable law or regulatory requirements.  If we do, we will update the effective date at the top of the page.  Your continued use of the Platforms following the posting of changes to these terms means you accept these changes.

Non-affiliated third parties are independent from Citadel. If you wish to receive information about your disclosure choices or stop communications from such third parties, you will need to contact those non-affiliated third parties directly.